Certified in Risk and Information Systems Control (CRISC) — Question 564

The BEST indicator of the risk appetite of an organization is the:

Answer options

• A. risk management capability of the organization.
• B. importance assigned to IT in meeting strategic goals.
• C. board of directors’ response to identified risk factors.
• D. regulatory environment of the organization.

Correct answer: C

Explanation

The board of directors’ response to identified risk factors is a crucial indicator of an organization's risk appetite as it reflects the leadership's perspective on taking risks. While the risk management capability and the importance of IT are relevant, they do not directly express the organization's willingness to accept risks. The regulatory environment influences risk management but does not define the appetite itself.